This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

How to distribute PAC file via GPO

I'm new to the Sophos web appliance. We are migrating one of our divisions off of two VERY OLD proxy servers, IronPort and BlueCoat.  We are moving to a Sophos web appliance. It is currently installed, basically configured and running, but not processing traffic yet. I need to GRADUALLY migrate users to the new appliance and want to use an AD GPO to control that process.  I need some good, detailed information on where I should put the PAC file so that I can deliver the link via GPO and have it read and processed correctly by IE, Chrome and FireFox.

 

I also need to know where, in the GPO, the settings should reside. I've seen some older documents from 2012 that provide limited information, but I am looking for more current content that could assist me with this migration.

Thanks in advance for your time and input.



This thread was automatically locked due to age.
  • Hi,

     

    i have only managed to get the PAC file work on SG430 but not XG430, im still trying to figure the XG430 out a it has a totally new interface.

    Which Sophos UTM do you want to do this on? 

  • We put our PAC file URL in User Configuration -> Preferences -> Control Panel Settings -> Internet Settings -> Internet Explorer 10 -> Connections -> LAN Settings -> Use automatic configuration script

    Chrome will pick these up but there's a set of ADMX file you can get from Google to explicitly set them in Chrome if you feel it's necessary. But don't get too excited about all the Chrome policies because modern versions of Chrome seem to ignore many of them for whatever reason.

    I can't recall what Firefox does for this as we've stopped using it in our environment.

    -Gary

  • The easiest way i've recently found is to use wpad (web proxy auto discovery) using DNS (DHCP is also an option)

    Basically you create an internal web server and create a wpad.[localdomain] dns CNAME entry pointing to it. Then create a wpad.dat file on the root (basically this is a pac file)

    Then with automatically detect settings is ticked in internet options it picks up the config and applies it.

    These links may should help

    https://technet.microsoft.com/en-gb/library/cc995261.aspx 

    http://findproxyforurl.com/ 

     

    GPO wise you just have to look at enforcing the automatically detect settings option which is done by importing the registry setting, and if you want to lock it down you can disable the connections tab.

    not sure on firefox, but for chrome you can import the chrome admx file and you can enforce chrome to use system settings, which uses the ie settings